National Security Agency Explained

Agency Name:National Security Agency
Nativename:NSA, The Agency, Crypto City, No Such Agency
Formed:4 November 1952
Preceding1:Armed Forces Security Agency
Jurisdiction:United States
Headquarters:Fort Meade, Maryland
Employees:Classified
Budget:Classified
Chief1 Name:Lieutenant General Keith B. Alexander, USA
Chief1 Position:Director
Chief2 Name:John C. (Chris) Inglis
Chief2 Position:Deputy Director
Parent Agency:U.S. Department of Defense
Homepage:nsa.gov

The National Security Agency/Central Security Service (NSA/CSS) is a cryptologic intelligence agency of the United States government, administered as part of the United States Department of Defense. Created on November 4, 1952 by President Truman, it is responsible for the collection and analysis of foreign communications and foreign signals intelligence, which involves a significant amount of cryptanalysis. It is also responsible for protecting U.S. government communications and information systems from similar agencies elsewhere, which involves a significant amount of cryptography. NSA has recently been directed to help monitor U.S. federal agency computer networks to protect them against attacks.[1] NSA is directed by a lieutenant general or vice admiral. NSA is a key component of the U.S. Intelligence Community, which is headed by the Director of National Intelligence. The Central Security Service is a co-located agency created to coordinate intelligence activities and co-operation between NSA and U.S. military cryptanalysis agencies. Contrary to popular impression, NSA's work is limited to communications intelligence and not field or human intelligence activities. By law, NSA's intelligence gathering is limited to foreign communications, but its work includes some domestic surveillance.[2]

Organization

The National Security Agency is divided into two major missions: the Signals Intelligence Directorate (SID), responsible for the production of foreign signals intelligence information, and the Information Assurance Directorate (IAD), responsible for the protection of U.S. information systems.[3]

Effect on non-governmental cryptography

NSA has been involved in debates about public policy, both as a behind-the-scenes adviser to other departments, and directly during and after Vice Admiral Bobby Ray Inman's directorship. NSA was a major player in the debates of the 1990s regarding the export of cryptography. Restrictions on export were reduced but not eliminated in 1996.

Clipper chip

See main article: Clipper chip. Because of concerns that widespread use of strong cryptography would hamper government use of wiretaps, NSA proposed the concept of key escrow in 1993 and introduced the Clipper chip that would offer stronger protection than DES but would allow access to encrypted data by authorized law enforcement officials. The proposal was strongly opposed and key escrow requirements ultimately went nowhere. However, NSA's Fortezza hardware-based encryption cards, created for the Clipper project, are still used within government, and NSA ultimately published the design of the SKIPJACK cipher (but not the key exchange protocol) used on the cards.

Advanced Encryption Standard (AES)

See main article: Advanced Encryption Standard. Possibly because of previous controversy, the involvement of NSA in the selection of a successor to DES, the Advanced Encryption Standard (AES), was initially limited to hardware performance testing (see AES competition). NSA has subsequently certified AES for protection of classified information (for at most two levels, e.g. SECRET information in an unclassified environment) when used in NSA-approved systems. The widely-used SHA hash functions were designed by NSA.

Dual EC DRBG random number generator

See main article: Dual EC DRBG. NSA promoted the inclusion of a random number generator called Dual EC DRBG in the U.S. National Institute of Standards and Technology's 2007 guidelines. This led to speculation of a backdoor which would allow NSA access to data encrypted by systems using that random number generator.[4]

Academic research

NSA has invested many millions of dollars in academic research under grant code prefix MDA904, resulting in over 3,000 papers (as of 2007-10-11). NSA funding sources are often declared in the papers, but some researchers try to conceal or otherwise play down the source. NSA/CSS has, at times, attempted to restrict the publication of academic research into cryptography; for example, the Khufu and Khafre block ciphers were voluntarily withheld in response to an NSA request to do so.

Patents

NSA has the ability to file for a patent from the U.S. Patent and Trademark Office under gag order. Unlike normal patents, these are not revealed to the public and do not expire. However, if the Patent Office receives an application for an identical patent from a third party, they will reveal NSA's patent and officially grant it to NSA for the full term on that date.[5]

One of NSA's published patents describes a method of geographically locating an individual computer site in an Internet-like network, based on the latency of multiple network connections.[6]

NSA programs

ECHELON

See main article: ECHELON.

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group[7], is widely reported to be in command of the operation of the so-called ECHELON system. Its capabilities are suspected to include the ability to monitor a large proportion of the world's transmitted civilian telephone, fax and data traffic, according to a December 16, 2005 article in the New York Times.[8]

Technically, almost all modern telephone, internet, fax and satellite communications are exploitable due to recent advances in technology and the 'open air' nature of much of the radio communications around the world.NSA's presumed collection operations have generated much criticism, possibly stemming from the assumption that NSA/CSS represents an infringement of Americans' privacy. However, NSA's United States Signals Intelligence Directive 18 (USSID 18) strictly prohibits the interception or collection of information about "...U.S. persons, entities, corporations or organizations..." without explicit written legal permission from the United States Attorney General, when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. Borders.[9] The U.S. Supreme Court has ruled that intelligence agencies cannot conduct surveillance against American citizens. There are a few extreme circumstances where collecting on a U.S. entity is allowed without a USSID 18 waiver, such as with civilian distress signals, or sudden emergencies such as the September 11, 2001 attacks; however, the USA PATRIOT Act has significantly changed privacy legality.

There have been alleged violations of USSID 18 that occurred in violation of NSA's strict charter prohibiting such acts. In addition, ECHELON is considered with indignation by citizens of countries outside the UKUSA alliance, with numerous allegations that the United States government uses it for motives other than its national security, including political and industrial espionage.[10] [11] Examples include the gear-less wind turbine technology designed by the German firm Enercon[12] [13] and the speech technology developed by the Belgian firm Lernout & Hauspie. An article in the Baltimore Sun reported in 1995 that aerospace company Airbus lost a $6 billion contract with Saudi Arabia in 1994 after NSA reported that Airbus officials had been bribing Saudi officials to secure the contract.[14] [15] The chartered purpose of NSA/CSS is solely to acquire significant foreign intelligence information pertaining to National Security or ongoing military intelligence operations.

In his book Firewall, Andy McNab speculates that the UKUSA agreement is designed to enable NSA, GCHQ, and other equivalent organizations to gather intelligence on each other's citizens. For example, NSA cannot legally conduct surveillance on American citizens, but GCHQ might do it for them.

Domestic activity

NSA's mission, as set forth in Executive Order 12333, is to collect information that constitutes "foreign intelligence or counterintelligence" while not "acquiring information concerning the domestic activities of United States persons". NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the USA, while confining its own activities within the USA to the embassies and missions of foreign nations.

NSA's domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution; however, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA's foreign surveillance efforts are subject to far fewer limitations under U.S. law.[16] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[16]

These activities, especially the publicly acknowledged domestic telephone tapping and call database programs, have prompted questions about the extent of the NSA's activities and concerns about threats to privacy and the rule of law.

Wiretapping programs

Domestic wiretapping under Richard Nixon

In the years after President Richard Nixon resigned, there were several investigations of suspected misuse of Central Intelligence Agency (CIA) and NSA facilities. Senator Frank Church headed a Senate investigating committee (the Church Committee) which uncovered previously unknown activity, such as a CIA plot (ordered by President John F. Kennedy) to assassinate Fidel Castro. The investigation also uncovered NSA's wiretaps on targeted American citizens. After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 became law, limiting circumstances under which domestic surveillance was allowed.

ThinThread wiretapping and data mining

See main article: ThinThread. A wiretapping program named ThinThread was tested in the late 1990s, but never put into operation. ThinThread contained both advanced data mining capabilities and built-in privacy protections. These privacy protections were abandoned in the post-9/11 effort by President George W. Bush to improve the intelligence community's responsiveness to terrorism. The research done under this program may have contributed to the technology used in later systems.[17]

Warrantless wiretaps under George W. Bush and Barack Obama

See main article: NSA warrantless surveillance controversy.

On December 16, 2005, the New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping the telephones of individuals in the U.S. calling persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[18]

One such surveillance program, authorized by the United States Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the United States Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from both ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the United States were intercepted, along with those of other nations.http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/index2.html#doc7

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President's Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court's ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA's warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007 the 6th Circuit Court of Appeals overturned Judge Taylor's ruling, reversing her findings.[19]

In a filing in San Francisco federal court in January, 2009, the administration of President Barack Obama adopted the same position as his predecessor when it urged U.S. District Judge Vaughn Walker to set aside a ruling in a closely watched spy case (Al-Haramain Islamic Foundation et al. v. Obama, et al.) weighing whether a U.S. president may bypass Congress and establish a program of eavesdropping on Americans without warrants. [20] The Obama administration also sided with the former administration in its legal defense of July, 2008 legislation that immunized the nation's telecommunications companies from lawsuits accusing them of complicity in the eavesdropping program, according to testimony by Attorney General Eric Holder.[21]

AT&T Internet monitoring

In May 2006, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing hardware to monitor network communications including traffic between American citizens.[22]

Transaction data mining

NSA is reported to use its computing capability to analyze "transactional" data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions and travel and telephone records, according to current and former intelligence officials interviewed by the WSJ.[23]

In fiction

See main article: NSA in fiction. Since the existence of NSA has become more widely known in the past few decades, and particularly since the 1990s, the agency has regularly been portrayed in spy fiction. Many such portrayals grossly exaggerate the organization's involvement in the more sensational activities of intelligence agencies. The agency now plays a role in numerous books, films, television shows, computer and video games.

Staff

See main article: Director of the National Security Agency.

Directors

Deputy Directors

Notable cryptanalysts

NSA encryption systems

See main article: NSA encryption systems.

NSA is responsible for the encryption-related components in these systems:

Some past NSA SIGINT activities

See also

NSA computers

Further reading

External links

Notes and References

  1. News: Bush Order Expands Network Monitoring: Intelligence Agencies to Track Intrusions. Ellen Nakashima. The Washington Post. 2008-01-26. 2008-02-09.
  2. News: Gorman, Siobhan. NSA's Domestic Spying Grows As Agency Sweeps Up Data. The Wall Street Journal. Dow Jones. March 10, 2008. 2008-04-28.
  3. Web site: The National Security Agency Frequently Asked Questions. National Security Agency. 2008-07-04.
  4. News: Did NSA Put a Secret Backdoor in New Encryption Standard?. Bruce Schneier. Wired News. 2007-11-15. 2008-07-04.
  5. Book: Schneier, Bruce. Bruce Schneier

    . Bruce Schneier. Applied Cryptography, Second Edition. John Wiley & Sons. 1996. 609–610. 0-471-11709-9.

  6. Web site: United States Patent and Trademark Office. United States Patent 6,947,978 - Method for geolocating logical network addresses.. 2005-09-20. 2008-07-04.
  7. Richelson, Jeffrey T.; Ball, Desmond (1985). The Ties That Bind: Intelligence Cooperation Between the UKUSA Countries. London: Allen & Unwin. ISBN 0-04-327092-1
  8. Web site: Bush Lets U.S. Spy on Callers Without Courts. The New York Times. James Risen and Eric Lichtblau. December 16, 2005. 2008-07-04.
  9. National Security Agency. United States Signals Intelligence Directive 18. National Security Agency July 27, 1993. Last access date March 23, 2007
  10. Web site: European Parliament Report on ECHELON. PDF. 2001. July. 2008-07-04.
  11. Web site: Nicky Hager Appearance before the European Parliament ECHELON Committee. 2001. April. 2008-07-04.
  12. Die Zeit: 40/1999 "Verrat unter Freunden" ("Treachery among friends", German), available at archiv.zeit.de
  13. Report A5-0264/2001 of the European Parliament (English), available at European Parliament website
  14. Web site: BBC News. 2008-07-04.
  15. Web site: Interception capabilities 2000. 2008-07-04.
  16. David Alan Jordan. Decrypting the Fourth Amendment: Warrantless NSA Surveillance and the Enhanced Expectation of Privacy Provided by Encrypted Voice over Internet Protocol. Boston College Law Review. May, 2006. Last access date January 23, 2007
  17. News: Siobhan. Gorman. Siobhan Gorman. NSA killed system that sifted phone data legally. Baltimore Sun. Tribune Company (Chicago, IL). 2006-05-17. 2008-03-07. The privacy protections offered by ThinThread were also abandoned in the post-Sept. 11 push by the president for a faster response to terrorism..
  18. [James Risen]
  19. http://fl1.findlaw.com/news.findlaw.com/nytimes/docs/nsa/aclunsa70607opn.pdf 6th Circuit Court of Appeals Decision
  20. http://blog.wired.com/27bstroke6/2009/01/obama-sides-wit.html
  21. http://blog.wired.com/27bstroke6/2009/01/obama-to-fight.html
  22. 2007. February 16. For Your Eyes Only?. NOW. on PBS
  23. News: NSA's Domestic Spying Grows As Agency Sweeps Up Data. Siobahn. Gorman. The Wall Street Journal Online. 2008-03-10. 2008-03-17.